harald/VerityBook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

update README.md

Browse source
This commit is contained in:
Harald Hoyer 2018-09-05 12:55:22 +02:00
parent dfc067af2f
commit 6252c99850
1 changed files with 33 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

32
README.md
View file

@ -1,9 +1,20 @@
# FedoraBook # FedoraBook
WIP Let's put all the fancy features together, we developed in the last years:
- Combined kernel+initramfs EFI binaries
- Secure Boot
- clevis with TPM2
- LUKS2
- dm-verity + squashfs root
- Flatpak
- flickerless boot
and build a Chromebook like Fedorabook, where you can install all software via Flatpak.
This is WIP. Please test and report issues or comments on https://pagure.io/Fedorabook/issues
## Goals ## Goals
- secure boot to the login screen - secure boot to the login screen
- immutable /usr and maybe /etc
- ensured integrity to the login screen - ensured integrity to the login screen
- encrypted volatile data - encrypted volatile data
- A/B boot switching for updates - A/B boot switching for updates
@ -18,8 +29,19 @@ WIP
## TODO ## TODO
- merge mkimage.sh and clonedisk - merge mkimage.sh and clonedisk
- change partition UUIDs for /data
- UUID for TPM LUKS
- UUID for LUKS
- UUID for unencrypted xfs
- update mechanism - update mechanism
- add proper EFI boot manager entries for A and B
- extend efi stub for recovery boot in the old image
- signing tools - signing tools
- firmware update
- selinux?
## Known Failures
- gnome-software: can't update firmware repo
## Create ## Create
@ -55,3 +77,11 @@ $ sudo ./mkimage.sh <IMGDIR> /dev/disk/by-path/pci-…-usb…
- ```clonedisk <usb stick device> <harddisk device>``` - ```clonedisk <usb stick device> <harddisk device>```
- reboot - reboot
- remove stick - remove stick
## Post Boot
### Persistent journal
```bash
$ sudo mkdir /var/log/journal
```